pacoinmass Posted May 22, 2016 Share Posted May 22, 2016 I'm not an expert on home networking so please forgive me. With the proliferation of internet connected devices like TVs, our blue-ray player, and now my Aries streamer I'm wondering if it's possible to have these devices running on a wired/wire-less network that's "isolated" from a network that we can use with laptops and desktops. Am concerned mostly for security reasons b/c I can use Firewall software with laptops/desktops but clearly can't with home theater devices. Am also concerned re: privacy....not sure what companies like Samsung, Oppo and Aurelic (and others) are monitoring on my network since they clearly have the ability to push firmware and software updates to their devices. I currently have firewalls set up on my router however I"m not sure that would stop a company from planting monitoring software somewhere on my network. Is there a relatively easy way to address this concern? Thanks in advance for any guidance. QNAP TS-251-->Netgear GS116 Switch--->Asus router--->wireless to Aurelic Aries--->USB to NAD M51--->Bryston B135--->Thiel CS 2.7 speakers Link to comment
sjay Posted June 4, 2016 Share Posted June 4, 2016 You can achieve this by creating VLAN's on your internal network. VLAN1: 192.168.1.0/24 VLAN 2 192.168.2.0/24 Each will have its own default gateway (*.1 or *.254 are generally accepted as good practice). They will both have the same external IP as supplied by your ISP and both subnets will be natted to the internet VLANS are designed to segment traffic between subnets so broadcast rubbish does not pollute them and are not a great idea if security is your main objective but for your business case, it will be OK to use VLANs for this purpose. Filtering traffic to external networks like samsung is a different discussion but can also be done. If you want a proper firewall that wont give you grey hair configuring and you are not price sensitive, try the new CheckPoint 750 appliances, they are pretty nifty and very secure. The GUI is nice too. ps: your router/firewall or switch needs to support VLANS to do this. hope this helps Link to comment
pacoinmass Posted June 5, 2016 Author Share Posted June 5, 2016 sjay, Thank you for the reply. I'll have to try this. My setup is bit complex (using an Actiontec FIOS router to assign IP addresses to all wired and wireless connected devices) and using 3 Airport Extremes to create the wireless network for the LAN: FIOS router------>Netgear Switch------>Various Ethernet-connected devices, including 3 Airport Extremes which create one wireless network (same SSID and password so devices automatically switch to strongest signal through the house). The Actiontec appears to support VLAN (features list in manual says "VLAN multicast support. Given that I'm not a network expert, will have to experiment one weekend. One question I have is how do I "force" or assign each device to a particular VLAN? We have a mixture of laptops/desktops, iThings, a few TVs, Sonos, Aries, blue ray players, etc. Would I have to go into each device and force a selection of the network? QNAP TS-251-->Netgear GS116 Switch--->Asus router--->wireless to Aurelic Aries--->USB to NAD M51--->Bryston B135--->Thiel CS 2.7 speakers Link to comment
sjay Posted June 5, 2016 Share Posted June 5, 2016 Normally you assign vlans to switch ports, but you can assign more than 1 vlan to a given port. As an example you might have both a data vlan and voice vlan assigned to a given switch port. there are a few ways to assign vlans to a given device, you will need to do some reading to work out which one is suits you best. Make sure your switch supports it as a first step. Link to comment
cjf Posted June 7, 2016 Share Posted June 7, 2016 Indeed there are many ways to skin this cat. As "sjay" said you could use VLAN's but one thing to keep in mind in that scenario is that you would want to have all devices which are dependant on each other located within the same VLAN since they will not be able to talk to devices in other VLAN's. That is unless you are willing to get into more involved routing scenario’s which would also require a more sophisticated router and switch. If your switch was advanced enough you could configure what is called a "TRUNK" Port which allows multiple VLANS to share the same interface. This would only really be of concern if Port count on the switch was at a premium. Here is another option to consider: 1. If your router has a "DMZ" port on it you could connect a switch to that DMZ port and have your Audio related devices plugged into that switch. This DMZ network could be thought of as a "no man's land" zone which basicly lives behind your outer most Firewall Interface and in front of your Internal WAN Port that feeds the internal Private network. Its a buffer zone so to speak. This approach would allow Internet access for the Audio devices for streaming or album artwork...etc but you would also want to plug at least one of your Wireless devices into the DMZ switch so you can manage your equipment and playback within that isolated zone. Just be sure to create an appropriately named SSID so you know your connecting to the "DIRTY" network and not the "CLEAN" one. I dont want to muddying the waters by talking about the issues of cross contamination that could occur by using a device that can connect to both the CLEAN & DIRTY networks but it is something else to consider My Audio System -Last Updated May 20 2021 Link to comment
ruasiyot Posted June 7, 2016 Share Posted June 7, 2016 you might have both a data vlan and voice vlan assigned to a given switch port. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now